Commentary
JailBroken iPhones Targeted By Rick-Rolling Worm
The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?In case you're not aware, jailbroken iPhones may be able to run on various mobile networks, and run unofficial software - but the price paid is significant loss of security. As The Internet Storm Center pointed out in a post late Saturday:
One of the problems with most jailbroken iPhones is that they run various services, including SSH among the others. The installation of SSH service is terribly insecure and, besides allowing remote root login, also leaves a default password on most jailbroken iPhones.
More Security Insights
White Papers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Not good. And this common condition with jailbroken iPhones was also used in an attack in the Netherlands where the malware creator installed a backdoor enabled Trojan that demanded 5 Euros for removal.
The new worm, however, spreads on its own, and after it infects an iPhone it will perform a scan of 3G IP addresses. It will then attempt to copy itself to the phone by logging in with root access.
If successful, the worm will change the background of the phone to a photo of the 1980s pop star Rick Astley - a sort of "Rick Roll." Last year it became a popular social network meme for users to use small URLs (which hide the true hyperlink destination) so send users to the 1987 song Never Gonna Give You Up.
There is a photo of a hijacked iPhone in this Dark Reading post.
Is this a dangerous worm? All worms are dangerous - as unauthorized code being executed by someone not authorized by the phone's owner is always a security risk. But it seems the goal of this worm was to raise awareness. The worm's author wouldn't have done something so blatant as to change the wallpaper had discovery not been the goal.
It's also a harbinger of things to come. And just as most of the first PC worms and viruses did little more than propagate or play simple songs before becoming malicious -- I'd expect the same progression on mobile phones.
For my security and business observations throughout the day, consider following me on Twitter.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
